Notification schema

Notification

| Field | Type | Description |
| --- | --- | --- |
| level | Level | |
| scope | Scope | |
| group | Group | |
| title | string | |
| content | string | |
| timestamp | google.protobuf.Timestamp | |
| subject | google.protobuf.Any | |
| id | string | Unique identifier of the notification in UUIDv7 format. |

Subjects

BomConsumedOrProcessedSubject

| Field | Type | Description |
| --- | --- | --- |
| project | Project | |
| bom | Bom | |
| token | string | |

BomProcessingFailedSubject

| Field | Type | Description |
| --- | --- | --- |
| project | Project | |
| bom | Bom | |
| cause | string | |
| token | string | |

BomValidationFailedSubject

| Field | Type | Description |
| --- | --- | --- |
| project | Project | |
| bom | Bom | |
| errors | string[] | |

ComponentVulnAnalysisCompleteSubject

NewPolicyViolationsSummarySubject

Subject for GROUP_NEW_POLICY_VIOLATIONS_SUMMARY notifications.

NewVulnerabilitiesSummarySubject

Subject for GROUP_NEW_VULNERABILITIES_SUMMARY notifications.

NewVulnerabilitySubject

| Field | Type | Description |
| --- | --- | --- |
| component | Component | |
| project | Project | |
| vulnerability | Vulnerability | |
| affected_projects_reference | BackReference | |
| vulnerability_analysis_level | string | |
| affected_projects | Project[] | List of projects affected by the vulnerability. DEPRECATED: This list only holds one item, and it is identical to the one in the project field. The field is kept for backward compatibility of JSON notifications, but consumers should not expect multiple projects here. Transmitting all affected projects in one notification is not feasible for large portfolios, see https://github.com/DependencyTrack/hyades/issues/467 for details. |
| analysis_trigger | AnalysisTrigger | The trigger of the analysis that identified the vulnerability. |

NewVulnerableDependencySubject

PolicyViolationAnalysisDecisionChangeSubject

PolicyViolationSubject

ProjectVulnAnalysisCompleteSubject

UserSubject

| Field | Type | Description |
| --- | --- | --- |
| username | string | |
| email | string | |

VexConsumedOrProcessedSubject

| Field | Type | Description |
| --- | --- | --- |
| project | Project | |
| vex | bytes | |
| format | string | |
| spec_version | string | |

VulnerabilityAnalysisDecisionChangeSubject

VulnerabilityRetractedSubject

| Field | Type | Description |
| --- | --- | --- |
| component | Component | The component for which the vulnerability was previously reported. |
| project | Project | The project for which the vulnerability was previously reported. |
| vulnerability | Vulnerability | The previously reported vulnerability. |

Messages

BackReference

| Field | Type | Description |
| --- | --- | --- |
| api_uri | string | URI to the API endpoint from which additional information can be fetched. |
| frontend_uri | string | URI to the frontend where additional information can be seen. |

Bom

| Field | Type | Description |
| --- | --- | --- |
| content | string | |
| format | string | |
| spec_version | string | |

Component

| Field | Type | Description |
| --- | --- | --- |
| uuid | string | |
| group | string | |
| name | string | |
| version | string | |
| purl | string | |
| md5 | string | |
| sha1 | string | |
| sha256 | string | |
| sha512 | string | |

NewPolicyViolationsSummarySubject.Overview

NewPolicyViolationsSummarySubject.Overview.NewViolationsCountByTypeEntry

| Field | Type | Description |
| --- | --- | --- |
| key | string | |
| value | int32 | |

NewPolicyViolationsSummarySubject.ProjectSummaryEntry

NewPolicyViolationsSummarySubject.ProjectSummaryEntry.NewViolationsCountByTypeEntry

| Field | Type | Description |
| --- | --- | --- |
| key | string | |
| value | int32 | |

NewPolicyViolationsSummarySubject.ProjectSummaryEntry.SuppressedNewViolationsCountByTypeEntry

| Field | Type | Description |
| --- | --- | --- |
| key | string | |
| value | int32 | |

NewPolicyViolationsSummarySubject.ProjectSummaryEntry.TotalNewViolationsCountByTypeEntry

| Field | Type | Description |
| --- | --- | --- |
| key | string | |
| value | int32 | |

NewPolicyViolationsSummarySubject.ProjectViolationsEntry

NewPolicyViolationsSummarySubject.Violation

| Field | Type | Description |
| --- | --- | --- |
| uuid | string | |
| component | Component | |
| policy_condition | PolicyCondition | |
| type | string | |
| timestamp | google.protobuf.Timestamp | |
| analysis_state | string | |
| suppressed | bool | |

NewVulnerabilitiesSummarySubject.Finding

| Field | Type | Description |
| --- | --- | --- |
| component | Component | |
| vulnerability | Vulnerability | |
| analyzer_identity | string | |
| attributed_on | google.protobuf.Timestamp | |
| reference_url | string | |
| analysis_state | string | |
| suppressed | bool | |

NewVulnerabilitiesSummarySubject.Overview

NewVulnerabilitiesSummarySubject.Overview.NewVulnerabilitiesCountBySeverityEntry

| Field | Type | Description |
| --- | --- | --- |
| key | string | |
| value | int32 | |

NewVulnerabilitiesSummarySubject.ProjectFindingsEntry

NewVulnerabilitiesSummarySubject.ProjectSummaryEntry

NewVulnerabilitiesSummarySubject.ProjectSummaryEntry.NewVulnerabilitiesCountBySeverityEntry

| Field | Type | Description |
| --- | --- | --- |
| key | string | |
| value | int32 | |

NewVulnerabilitiesSummarySubject.ProjectSummaryEntry.SuppressedNewVulnerabilitiesCountBySeverityEntry

| Field | Type | Description |
| --- | --- | --- |
| key | string | |
| value | int32 | |

NewVulnerabilitiesSummarySubject.ProjectSummaryEntry.TotalNewVulnerabilitiesCountBySeverityEntry

| Field | Type | Description |
| --- | --- | --- |
| key | string | |
| value | int32 | |

Policy

| Field | Type | Description |
| --- | --- | --- |
| uuid | string | |
| name | string | |
| violation_state | string | |

PolicyCondition

| Field | Type | Description |
| --- | --- | --- |
| uuid | string | |
| subject | string | |
| operator | string | |
| value | string | |
| policy | Policy | |

PolicyViolation

| Field | Type | Description |
| --- | --- | --- |
| uuid | string | |
| type | string | |
| timestamp | google.protobuf.Timestamp | |
| condition | PolicyCondition | |

PolicyViolationAnalysis

Project

| Field | Type | Description |
| --- | --- | --- |
| uuid | string | |
| name | string | |
| version | string | |
| description | string | |
| purl | string | |
| tags | string[] | |
| is_active | bool | |

Vulnerability

| Field | Type | Description |
| --- | --- | --- |
| uuid | string | |
| vuln_id | string | |
| source | string | |
| aliases | Vulnerability.Alias[] | |
| title | string | |
| sub_title | string | |
| description | string | |
| recommendation | string | |
| cvss_v2 | double | |
| cvss_v3 | double | |
| owasp_rr_likelihood | double | |
| owasp_rr_technical_impact | double | |
| owasp_rr_business_impact | double | |
| severity | string | |
| cwes | Vulnerability.Cwe[] | |
| cvss_v2_vector | string | |
| cvss_v3_vector | string | |
| owasp_rr_vector | string | |
| cvss_v4 | double | |
| cvss_v4_vector | string | |

Vulnerability.Alias

| Field | Type | Description |
| --- | --- | --- |
| id | string | |
| source | string | |

Vulnerability.Cwe

| Field | Type | Description |
| --- | --- | --- |
| cwe_id | int32 | |
| name | string | |

VulnerabilityAnalysis

Enums

AnalysisTrigger

| Name | Description |
| --- | --- |
| ANALYSIS_TRIGGER_UNSPECIFIED | No trigger specified. |
| ANALYSIS_TRIGGER_BOM_UPLOAD | The analysis was triggered by a BOM upload. |
| ANALYSIS_TRIGGER_SCHEDULE | The analysis was triggered by a schedule. |
| ANALYSIS_TRIGGER_MANUAL | The analysis was triggered manually. |

Group

| Name | Description |
| --- | --- |
| GROUP_UNSPECIFIED | |
| GROUP_CONFIGURATION | |
| GROUP_DATASOURCE_MIRRORING | |
| GROUP_REPOSITORY | |
| GROUP_INTEGRATION | |
| GROUP_FILE_SYSTEM | |
| GROUP_ANALYZER | |
| GROUP_NEW_VULNERABILITY | |
| GROUP_NEW_VULNERABLE_DEPENDENCY | |
| GROUP_PROJECT_AUDIT_CHANGE | |
| GROUP_BOM_CONSUMED | |
| GROUP_BOM_PROCESSED | |
| GROUP_VEX_CONSUMED | |
| GROUP_VEX_PROCESSED | |
| GROUP_POLICY_VIOLATION | |
| GROUP_PROJECT_CREATED | |
| GROUP_BOM_PROCESSING_FAILED | |
| GROUP_PROJECT_VULN_ANALYSIS_COMPLETE | |
| GROUP_USER_CREATED | |
| GROUP_USER_DELETED | |
| GROUP_BOM_VALIDATION_FAILED | |
| GROUP_VULNERABILITY_RETRACTED | A previously identified vulnerability is no longer applicable, e.g. due to upstream sources correcting their data. |
| GROUP_NEW_VULNERABILITIES_SUMMARY | Scheduled summary of new vulnerabilities across projects. |
| GROUP_NEW_POLICY_VIOLATIONS_SUMMARY | Scheduled summary of new policy violations across projects. |

Level

| Name | Description |
| --- | --- |
| LEVEL_UNSPECIFIED | |
| LEVEL_INFORMATIONAL | |
| LEVEL_WARNING | |
| LEVEL_ERROR | |

ProjectVulnAnalysisStatus

| Name | Description |
| --- | --- |
| PROJECT_VULN_ANALYSIS_STATUS_UNSPECIFIED | |
| PROJECT_VULN_ANALYSIS_STATUS_FAILED | |
| PROJECT_VULN_ANALYSIS_STATUS_COMPLETED | |

Scope

| Name | Description |
| --- | --- |
| SCOPE_UNSPECIFIED | |
| SCOPE_PORTFOLIO | |
| SCOPE_SYSTEM | |